9.8

CVE-2020-11965

EPSS 0.43%
Veröffentlicht 21.04.2020 13:15:14
Zuletzt bearbeitet 21.11.2024 04:59:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Evenroute ≫ Iqrouter Firmware Version <= 3.3.1

Evenroute ≫ Iqrouter Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.621

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://evenroute.com/

Product

https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-

Third Party Advisory

https://openwrt.org/docs/guide-quick-start/walkthrough_login

Third Party Advisory

https://pastebin.com/grSCSBSu

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11965

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11965

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11965

EUVD